1. Field of Invention
Embodiments of the invention relate, in general, to networking. More specifically, embodiments of the invention relate to a method and a system for tracking a user in a network.
2. Description of the Background Art
In a typical network there are several network devices, such as servers, computers, routers, switches, and so forth. Examples of a network include Local Area Networks (LANs), Wide Area Networks (WANs), and Metropolitan Area Networks (MANs), among others. The network devices in the network may be coupled to other devices in the network by one or more transmission cables or by wireless means. The various network devices communicate with each other based on certain rules, termed protocols. A typical network device in the network communicates with the other network devices based on the 802 group of protocols. The 802 group of protocols are Institute of Electrical and Electronics Engineers (IEEE) standards for port-based authentication of network devices. Ports are access points through which network devices are connected to the network. These 802 standards are used to authenticate the network devices attached to various ports of the network before allowing them access to the network. If the authentication fails, the network device is denied access to the network.
The process of authenticating a network device before granting it access to the network gives network administrators some control over the network as well as the user. Network administrators may track users that access the network through the network devices, to trace malfunctions or security violations back to the user. For such tracking of users, certain information about the user and their associated network device has to be collected. This information needs to be collected continuously so that real-time information is available to the network administrators. The real-time information provides the latest information about the user, which is relevant for tracking the users.
Network devices based on 802 standards can connect to any switch port in the network. Therefore, tracking of 802-based network devices is performed using ‘user-tracking discovery’. ‘User-tracking discovery’ is a periodically executed pull-based mechanism that retrieves information about the user and their associated network device. Under the 802 standards, an Authentication, Authorization, and Accounting (AAA) server receives the user information provided by the network device through a switch port using the Remote Authentication Dial-In User Service (RADIUS) protocol. The retrieved user information is stored as a database record that relates the user to a network device and, in turn, the network device to a switch port. The user information record is used by network administrators, as and when required, to track users in the network.
However, since 802-based network devices can connect to more than one switch port in the network over a period of time, the pull-based mechanism has to be executed at regular intervals to ensure that the information in the database is current. The continuous execution of the pull-based mechanism generates a large amount of traffic in the network, unnecessarily consumes network bandwidth and consequently slows down the network.
Moreover, the need for continuous execution of the pull-based mechanism inherently leads to a time-gap between the real-time information of the user and the available information.
Another existing method tracks users on the switches by using Dynamic Host Configuration Protocol (DHCP) snooping at the switch port to detect the IP address of the network device. DHCP is a communications protocol that automates the assignment of Internet Protocol (IP) addresses in an organization's network. In this method, the required information about the network device is collected from each switch in the network. The collected information includes multiple data items such as the Media Access Control (MAC) address of the network device, the Internet Protocol (IP) address of the network device, the switch IP address, and the 802.1X switch port address, among others. Subsequently, the collected information is correlated to a single user by binding multiple data items, such as the MAC address of the network device, the IP address of the network device, the IP address of the switch, etc. The correlated information is stored in a database and used by network administrators, as and when required, to track users in the network.
The MAC address of a network device is generally unique to that network device. Hence, it is used as the primary key for storing data in the database. However, there is a possibility that more than one network device shares a MAC address. The method described above resolves the problem of duplicate MAC addresses by using a composite key consisting of the MAC address of the network device, the IP address of the network device and the IP address of the switch. The composite key is used to correlate information associated with the network device to a unique user.
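The two points above (a periodically executed pull that refreshes the user-to-device-to-port binding, and a composite key of device MAC, device IP and switch IP that keeps records of two devices sharing a MAC address apart) are shown together in the following added example. It is illustrative code written for this page, not code from the patent or from any product; the record field names, the in-memory store, the helper names and the sample snooping records are all constructed for the illustration.

```python
"""Composite-key user-tracking store (illustration only, not the patent's code).

Assumed for this example: each pull returns one SnoopRecord per device seen
by a switch, and the composite key is (device MAC, device IP, switch IP).
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Composite key: (device MAC, device IP, switch IP). Two devices that share a
# MAC address still get distinct keys as long as they differ in IP or switch.
CompositeKey = Tuple[str, str, str]


@dataclass(frozen=True)
class SnoopRecord:
    """One data set collected from a switch, e.g. via DHCP snooping."""
    user: str
    mac: str
    device_ip: str
    switch_ip: str
    switch_port: str

    def key(self) -> CompositeKey:
        # MAC addresses are normalised to lower case so that case differences
        # between switches do not produce two keys for one device.
        return (self.mac.lower(), self.device_ip, self.switch_ip)


class UserTrackingDB:
    """In-memory stand-in for the database described in the text."""

    def __init__(self) -> None:
        self._records: Dict[CompositeKey, SnoopRecord] = {}

    def pull(self, collected: List[SnoopRecord]) -> int:
        """One execution of the periodic pull: merge the records collected
        from all switches and return how many keys were inserted or changed."""
        changed = 0
        for rec in collected:
            k = rec.key()
            if self._records.get(k) != rec:
                self._records[k] = rec
                changed += 1
        return changed

    def lookup(self, mac: str, device_ip: str, switch_ip: str) -> Optional[SnoopRecord]:
        """Resolve a composite key back to the user and switch port."""
        return self._records.get((mac.lower(), device_ip, switch_ip))

    def users_for_mac(self, mac: str) -> List[str]:
        """All users currently bound to a given MAC address (normally one)."""
        return sorted({r.user for k, r in self._records.items() if k[0] == mac.lower()})

    def mac_collisions(self) -> List[str]:
        """MAC addresses that appear under more than one composite key."""
        counts: Dict[str, int] = {}
        for mac, _ip, _sw in self._records:
            counts[mac] = counts.get(mac, 0) + 1
        return sorted(m for m, n in counts.items() if n > 1)

    def keyed_by_mac_only(self) -> Dict[str, SnoopRecord]:
        """What a MAC-only primary key would retain: the last record written
        for each MAC silently overwrites any earlier one."""
        out: Dict[str, SnoopRecord] = {}
        for rec in self._records.values():
            out[rec.mac.lower()] = rec
        return out


# Constructed sample of what one pull collects from the switches. Users,
# addresses and port names are invented for this illustration.
PULL_1 = [
    SnoopRecord("alice", "00:11:22:33:44:55", "10.0.1.10", "10.0.0.1", "Gi1/0/1"),
    # bob's device shares alice's MAC address but differs in IP and switch
    SnoopRecord("bob", "00:11:22:33:44:55", "10.0.2.20", "10.0.0.2", "Gi1/0/7"),
    SnoopRecord("carol", "00:AA:BB:CC:DD:EE", "10.0.1.11", "10.0.0.1", "Gi1/0/2"),
]

# Second pull: alice has moved to another port on the same switch; the
# composite key is unchanged, so the existing record is updated in place.
PULL_2 = [
    SnoopRecord("alice", "00:11:22:33:44:55", "10.0.1.10", "10.0.0.1", "Gi1/0/3"),
    SnoopRecord("bob", "00:11:22:33:44:55", "10.0.2.20", "10.0.0.2", "Gi1/0/7"),
    SnoopRecord("carol", "00:AA:BB:CC:DD:EE", "10.0.1.11", "10.0.0.1", "Gi1/0/2"),
]


if __name__ == "__main__":
    db = UserTrackingDB()
    print("first pull changed", db.pull(PULL_1), "records")
    print("users sharing MAC 00:11:22:33:44:55:", db.users_for_mac("00:11:22:33:44:55"))
    print("MAC-only key would keep", len(db.keyed_by_mac_only()), "of 3 records")
    print("second pull changed", db.pull(PULL_2), "records")
    print("alice now on port", db.lookup("00:11:22:33:44:55", "10.0.1.10", "10.0.0.1").switch_port)
```

Running the script shows the behaviour the text relies on: with the composite key both devices that share a MAC address survive the pull, whereas a MAC-only key keeps just one of them, and a later pull that finds the same device on a new port updates the existing binding rather than creating a second one. The change count returned by each pull is also a cheap way to see how little most periodic pulls actually change, which is the inefficiency the text attributes to pull-based tracking.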
DHCP snooping is a security feature that enables a switch port to differentiate between unknown interfaces connected to the user and known interfaces connected to the DHCP server or another switch port. DHCP is a communications protocol that allows network administrators to manage and automate the assignment of IP addresses in a network. DHCP allows network devices to connect to a network and automatically assigns the network devices an IP address. An unknown interface is an interface that is configured to receive messages from outside the network. A known interface is an interface that is configured to receive messages only from within the network. An AAA server includes software that handles user requests for accessing the network. A RADIUS server is a server that uses a multi-user client-server security protocol, such as an AAA (authentication, authorization and accounting) protocol, to provide several kinds of authentication schemes for authenticating users on wired or wireless network devices. The DHCP snooping described above is a pull-based mechanism, since it periodically retrieves user information from the network devices.
However, the use of pull-based mechanisms, as explained earlier, to collect information about the user and the associated network device leads to lower performance levels in the network. The method also correlates information about the user on the basis of multiple data items. Such a correlation increases the complexity of the database structure and the processes involved in updating the database. Moreover, the method does not provide a mechanism for tracking a user that is connected to the network through wireless network devices.